= bug description = There is no HSTS header anymore for lists.fpo: {{{ curl -sI https://lists.fedoraproject.org/ | grep Strict }}}
= bug analysis =
I am sure there was one and ansible shows it as well:
{{{ $ cat -n playbooks/include/proxies-websites.yml 456 - role: httpd/website 457 name: lists.fedoraproject.org 458 server_aliases: [lists.stg.fedoraproject.org] 459 sslonly: true 460 # Set this explicitly to stg here.. as per the original puppet config. 461 SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert 462 cert_name: "{{wildcard_cert_name}}" 463 when: env == "staging" }}}
= fix recommendation =
Maybe this configuration is not used anymore because of hyperkitty. Then adjust the new configuration to use HSTS.
It's not using the proxy setup, it's going directly via our old mailman2 server (collab03).
I've fixed it up there for now. As soon as we move fully to mailman3 we will switch to using proxies.
Log in to comment on this ticket.